Looks as if I've been hijacked, and I need help bad.
I used HijackThis, and it created a log which I copied/pasted below.
Please excuse me if I've put this in the wrong place, or have trouble executing the proper procedures to rectify the problem, but most of all, thank you for any and all help!

Logfile of HijackThis v1.99.1
Scan saved at 10:33:09 PM, on 4/4/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\nvctrl.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\Copernic Desktop Search\CopernicDesktopSearch.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\AdvTools\NPROTECT.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Norton AntiVirus\SAVScan.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\DOCUME~1\BRIANB~1\LOCALS~1\Temp\Temporary Directory 1 for hijackthis[1].zip\HijackThis.exe
C:\Program Files\Messenger\msmsgs.exe

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://windowsupdate.microsoft.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: Shell=
O2 - BHO: Nothing - {4da4616d-7e6e-4fd9-a2d5-b6c535733e22} - C:\WINDOWS\system32\hpA22B.tmp
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll (file missing)
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Advanced Tools Check] C:\PROGRA~1\NORTON~1\AdvTools\ADVCHK.EXE
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [AdwareAlert] C:\Program Files\AdwareAlert\adwarealert.Exe -boot
O4 - HKCU\..\Run: [Copernic Desktop Search] "C:\Program Files\Copernic Desktop Search\CopernicDesktopSearch.exe" /tray
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll (file missing)
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: http://*.windowsupdate.microsoft.com
O15 - Trusted Zone: http://*.windowsupdate.com
O16 - DPF: {15AD6789-CDB4-47E1-A9DA-992EE8E6BAD6} - http://static.windupdates.com/cab/CDT/ie/bridge-c46.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5consumer/V5Controls/en/x86/client/wuweb_site.cab?1113017374296
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - C:\Program Files\Norton AntiVirus\AdvTools\NPROTECT.EXE
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe

Yea, you have a small collection of nasties.

Please run HJT again and select Do system scan only. Then place a check in the checkbox next to these items.

O2 - BHO: Nothing - {4da4616d-7e6e-4fd9-a2d5-b6c535733e22} - C:\WINDOWS\system32\hpA22B.tmp

O16 - DPF: {15AD6789-CDB4-47E1-A9DA-992EE8E6BAD6} - http://static.windupdates.com/cab/CDT/ie/bridge-c46.cab

Close all browsers and click Fix Checked

----------------------------------------------------------------------

Download smitRem.exe (http://www.bleepingcomputer.com/resources/link240.html), saving the file to your desktop. Double click it to extract the contents to a folder of its own. Restart your computer in safe mode, log on to the user account that is infected, open the smitRem folder and double click the RunThis.bat file to start the tool. Follow the prompts on screen and allow disk cleanup to complete. Upon reboot, you can reset your desktop background. Note: XP users using the XP theme may experience a change to the Classic Windows theme. This can be changed on the themes tab of desktop properties.

How to boot into safe mode: http://service1.symantec.com/SUPPORT/tsgeninfo.nsf/docid/2001052409420406

-----------------------------------------------------------------------
Reboot normally

Then please download ewido - www.ewido.net - Install. Update. Scan. Remove anything it finds.

Post a new HJT log, and the ewido log

OK, here we go - hope I got this right:

---------------------------------------------------------
 ewido anti-malware - Scan report
---------------------------------------------------------

 + Created on:          11:28:03 PM, 4/4/2006
 + Report-Checksum:     7763AE27

 + Scan result:

    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\SpywareQuake -> Adware.SpywareQuake : Cleaned with backup
    HKU\S-1-5-21-507921405-1972579041-1417001333-1003\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{4DA4616D-7E6E-4FD9-A2D5-B6C535733E22} -> Adware.Generic : Cleaned with backup
    HKU\S-1-5-21-507921405-1972579041-1417001333-1003\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{893FAD3A-931E-4E53-B515-B1426D63799B} -> Trojan.Puper.aj : Cleaned with backup
    HKU\S-1-5-21-507921405-1972579041-1417001333-1003\Software\Classes\CLSID\{E2CA7CD1-1AD9-F1C4-3D2A-DC1A33E7AF9D} -> Adware.SpywareQuake : Cleaned with backup
    HKU\S-1-5-21-507921405-1972579041-1417001333-1003_Classes\CLSID\{E2CA7CD1-1AD9-F1C4-3D2A-DC1A33E7AF9D} -> Adware.SpywareQuake : Cleaned with backup
    [1804] C:\WINDOWS\system32\stickrep.dll -> Downloader.Zlob.jx : Cleaned with backup
    C:\Program Files\SpywareQuake -> Adware.SpywareQuake : Cleaned with backup
    C:\Program Files\SpywareQuake\blacklist.txt -> Adware.SpywareQuake : Cleaned with backup
    C:\Program Files\SpywareQuake\Lang -> Adware.SpywareQuake : Cleaned with backup
    C:\Program Files\SpywareQuake\Lang\English.ini -> Adware.SpywareQuake : Cleaned with backup
    C:\Program Files\SpywareQuake\Logs -> Adware.SpywareQuake : Cleaned with backup
    C:\Program Files\SpywareQuake\msvcp71.dll -> Adware.SpywareQuake : Cleaned with backup
    C:\Program Files\SpywareQuake\msvcr71.dll -> Adware.SpywareQuake : Cleaned with backup
    C:\Program Files\SpywareQuake\Quarantine -> Adware.SpywareQuake : Cleaned with backup
    C:\Program Files\SpywareQuake\ref.dat -> Adware.SpywareQuake : Cleaned with backup
    C:\Program Files\SpywareQuake\SpywareQuake.exe -> Adware.SpywareQuake : Cleaned with backup
    C:\Program Files\SpywareQuake\SpywareQuake.url -> Adware.SpywareQuake : Cleaned with backup
    C:\Program Files\SpywareQuake\sq.ini -> Adware.SpywareQuake : Cleaned with backup
    C:\Program Files\SpywareQuake\uninst.exe -> Adware.SpywareQuake : Cleaned with backup
    C:\WINDOWS\system32\dfrgsrv.exe -> Trojan.Small : Cleaned with backup
    C:\WINDOWS\system32\interf.tlb -> Trojan.Small : Cleaned with backup
    C:\WINDOWS\system32\nvctrl.exe -> Hijacker.SpyAxe : Cleaned with backup
    C:\WINDOWS\system32\stickrep.dll -> Trojan.Small : Cleaned with backup
    C:\WINDOWS\Temp\dodenpmd.exe -> Trojan.Dialer.ay : Cleaned with backup


::Report End

HijackThis log:

Logfile of HijackThis v1.99.1
Scan saved at 11:30:44 PM, on 4/4/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\Copernic Desktop Search\CopernicDesktopSearch.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\AdvTools\NPROTECT.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Norton AntiVirus\SAVScan.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\ewido\security suite\ewidoguard.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\Program Files\ewido\security suite\SecuritySuite.exe
C:\Program Files\Messenger\msmsgs.exe
D:\Save me!\Media\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://windowsupdate.microsoft.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = 
F2 - REG:system.ini: Shell=
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll (file missing)
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Advanced Tools Check] C:\PROGRA~1\NORTON~1\AdvTools\ADVCHK.EXE
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [AdwareAlert] C:\Program Files\AdwareAlert\adwarealert.Exe -boot
O4 - HKCU\..\Run: [Copernic Desktop Search] "C:\Program Files\Copernic Desktop Search\CopernicDesktopSearch.exe" /tray
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll (file missing)
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: http://*.windowsupdate.microsoft.com
O15 - Trusted Zone: http://*.windowsupdate.com
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5consumer/V5Controls/en/x86/client/wuweb_site.cab?1113017374296
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido\security suite\ewidoguard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - C:\Program Files\Norton AntiVirus\AdvTools\NPROTECT.EXE
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe

Am I on the right path?

Edited by mike_2000_17: Fixed formatting

0

Yes, you are. Now, run HJT, 'Scan Only', and place checks next to the following:

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://windowsupdate.microsoft.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: Shell=
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll (file missing)
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll (file missing)
O15 - Trusted Zone: http://*.windowsupdate.microsoft.com
O15 - Trusted Zone: http://*.windowsupdate.com
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)

After placing checks, close all windows and hit 'Fix Checked'. Then, restart your computer.

After the restart, download SpySweeper (link found in sig. below). Be sure to update definitions. Run a full scan, and post the scan log back here, along with a new HJT log.

Thanks.

0

OK, when I ran SpySweeper it prompted me to remove the selected items after the scan - I hope that is what I was supposed to do, as I did it.
I saved the session to file and cleared the session history.
12:11 AM: | Start of Session, Wednesday, April 05, 2006 |
12:11 AM: Spy Sweeper started
12:11 AM: Sweep initiated using definitions version 649
12:11 AM: Starting Memory Sweep
12:15 AM: Memory Sweep Complete, Elapsed Time: 00:03:51
12:15 AM: Starting Registry Sweep
12:15 AM: Found Adware: winad
12:15 AM: HKLM\software\microsoft\windows\currentversion\moduleusage\c:/windows/downloaded program files/mediaaccx.dll\ (2 subtraces) (ID = 147191)
12:15 AM: Found Adware: spyware quake
12:15 AM: HKCR\clsid\{5b55c4e3-c179-ba0b-b4fd-f2db862d6202}\ (36 subtraces) (ID = 1218826)
12:15 AM: HKCR\typelib\{661173ee-fa31-4769-97d4-b556b5d09bda}\ (9 subtraces) (ID = 1218844)
12:15 AM: HKLM\software\spywarequake\ (1 subtraces) (ID = 1218854)
12:15 AM: HKLM\software\classes\clsid\{5b55c4e3-c179-ba0b-b4fd-f2db862d6202}\ (36 subtraces) (ID = 1218857)
12:15 AM: HKLM\software\microsoft\windows\currentversion\uninstall\spywarequake\ (7 subtraces) (ID = 1218859)
12:15 AM: HKLM\software\classes\typelib\{661173ee-fa31-4769-97d4-b556b5d09bda}\ (9 subtraces) (ID = 1218883)
12:15 AM: HKLM\software\microsoft\windows\currentversion\app paths\spywarequake.exe\ (1 subtraces) (ID = 1218894)
12:15 AM: Found Adware: spyware quake fakealert
12:15 AM: HKLM\software\microsoft\windows\currentversion\explorer\sharedtaskscheduler\ || {e2ca7cd1-1ad9-f1c4-3d2a-dc1a33e7af9d} (ID = 1219030)
12:15 AM: Registry Sweep Complete, Elapsed Time:00:00:23
12:15 AM: Starting Cookie Sweep
12:15 AM: Found Spy Cookie: about cookie
12:15 AM: brian belanger@about[1].txt (ID = 2037)
12:15 AM: Found Spy Cookie: adknowledge cookie
12:15 AM: brian belanger@adknowledge[1].txt (ID = 2072)
12:15 AM: Found Spy Cookie: adlegend cookie
12:15 AM: brian belanger@adlegend[1].txt (ID = 2074)
12:15 AM: Found Spy Cookie: hbmediapro cookie
12:15 AM: brian belanger@adopt.hbmediapro[2].txt (ID = 2768)
12:15 AM: Found Spy Cookie: adrevolver cookie
12:15 AM: brian belanger@adrevolver[1].txt (ID = 2088)
12:15 AM: Found Spy Cookie: adultfriendfinder cookie
12:15 AM: brian belanger@adultfriendfinder[1].txt (ID = 2165)
12:15 AM: Found Spy Cookie: alt cookie
12:15 AM: brian belanger@alt[2].txt (ID = 2217)
12:15 AM: Found Spy Cookie: apmebf cookie
12:15 AM: brian belanger@apmebf[1].txt (ID = 2229)
12:15 AM: Found Spy Cookie: ask cookie
12:15 AM: brian belanger@ask[1].txt (ID = 2245)
12:15 AM: Found Spy Cookie: atwola cookie
12:15 AM: brian belanger@atwola[2].txt (ID = 2255)
12:15 AM: Found Spy Cookie: azjmp cookie
12:15 AM: brian belanger@azjmp[2].txt (ID = 2270)
12:15 AM: Found Spy Cookie: banner cookie
12:15 AM: brian belanger@banner[1].txt (ID = 2276)
12:15 AM: Found Spy Cookie: belnk cookie
12:15 AM: brian belanger@belnk[1].txt (ID = 2292)
12:15 AM: Found Spy Cookie: bizrate cookie
12:15 AM: brian belanger@bizrate[1].txt (ID = 2308)
12:15 AM: Found Spy Cookie: bravenet cookie
12:15 AM: brian belanger@bravenet[2].txt (ID = 2322)
12:15 AM: Found Spy Cookie: gostats cookie
12:15 AM: brian belanger@c2.gostats[2].txt (ID = 2748)
12:15 AM: Found Spy Cookie: ccbill cookie
12:15 AM: brian belanger@ccbill[2].txt (ID = 2369)
12:15 AM: Found Spy Cookie: classmates cookie
12:15 AM: brian belanger@classmates[1].txt (ID = 2384)
12:15 AM: brian belanger@compactiongames.about[1].txt (ID = 2038)
12:15 AM: brian belanger@compsimgames.about[2].txt (ID = 2038)
12:15 AM: Found Spy Cookie: did-it cookie
12:15 AM: brian belanger@did-it[2].txt (ID = 2523)
12:15 AM: brian belanger@dist.belnk[2].txt (ID = 2293)
12:15 AM: Found Spy Cookie: military cookie
12:15 AM: brian belanger@forums.military[1].txt (ID = 2997)
12:15 AM: brian belanger@gostats[2].txt (ID = 2747)
12:15 AM: Found Spy Cookie: kinghost cookie
12:15 AM: brian belanger@kinghost[2].txt (ID = 2903)
12:15 AM: Found Spy Cookie: domainsponsor cookie
12:15 AM: brian belanger@landing.domainsponsor[2].txt (ID = 2535)
12:15 AM: Found Spy Cookie: netster cookie
12:15 AM: brian belanger@lb3.netster[1].txt (ID = 3072)
12:15 AM: Found Spy Cookie: maxserving cookie
12:15 AM: brian belanger@maxserving[1].txt (ID = 2966)
12:15 AM: brian belanger@military[1].txt (ID = 2996)
12:15 AM: Found Spy Cookie: touchclarity cookie
12:15 AM: brian belanger@msn.touchclarity[1].txt (ID = 3566)
12:15 AM: Found Spy Cookie: outster cookie
12:15 AM: brian belanger@outster[2].txt (ID = 3103)
12:15 AM: Found Spy Cookie: realmedia cookie
12:15 AM: brian belanger@realmedia[1].txt (ID = 3235)
12:15 AM: Found Spy Cookie: adjuggler cookie
12:15 AM: brian belanger@rotator.adjuggler[1].txt (ID = 2071)
12:15 AM: Found Spy Cookie: dealtime cookie
12:15 AM: brian belanger@stat.dealtime[2].txt (ID = 2506)
12:15 AM: Found Spy Cookie: tickle cookie
12:15 AM: brian belanger@tickle[1].txt (ID = 3529)
12:15 AM: Found Spy Cookie: toplist cookie
12:15 AM: brian belanger@toplist[1].txt (ID = 3557)
12:15 AM: brian belanger@toplist[2].txt (ID = 3557)
12:15 AM: Found Spy Cookie: tripod cookie
12:15 AM: brian belanger@tripod[1].txt (ID = 3591)
12:15 AM: brian belanger@uswitch.touchclarity[1].txt (ID = 3566)
12:15 AM: Found Spy Cookie: myaffiliateprogram.com cookie
12:15 AM: brian belanger@www.myaffiliateprogram[2].txt (ID = 3032)
12:15 AM: Found Spy Cookie: xxx69 cookie
12:15 AM: brian belanger@www.xxx69[1].txt (ID = 3732)
12:15 AM: Found Spy Cookie: xiti cookie
12:15 AM: brian belanger@xiti[1].txt (ID = 3717)
12:15 AM: Cookie Sweep Complete, Elapsed Time: 00:00:04
12:15 AM: Starting File Sweep
12:15 AM: c:\documents and settings\brian belanger\start menu\programs\spywarequake (3 subtraces) (ID = -2147453332)
12:15 AM: c:\program files\spywarequake (ID = -2147453334)
12:15 AM: 00177088.exe (ID = 271990)
12:15 AM: spywarequake 2.0.lnk (ID = 275644)
12:15 AM: spywarequake 2.0.lnk (ID = 275644)
12:15 AM: spywarequake 2.0.lnk (ID = 275644)
12:15 AM: spywarequake 2.0 website.lnk (ID = 275643)
12:20 AM: 00176669.exe (ID = 271990)
12:25 AM: 00176612.exe (ID = 271990)
12:26 AM: Found Trojan Horse: trojan-downloader-zlob
12:26 AM: mscornet.exe (ID = 206)
12:28 AM: uninstall spywarequake 2.0.lnk (ID = 275645)
12:28 AM: Found Adware: security toolbar
12:28 AM: 00176687.bat (ID = 202688)
12:29 AM: File Sweep Complete, Elapsed Time: 00:13:42
12:29 AM: Full Sweep has completed. Elapsed time 00:18:14
12:29 AM: Traces Found: 167
12:31 AM: Removal process initiated
12:31 AM: Quarantining All Traces: trojan-downloader-zlob
12:31 AM: Quarantining All Traces: winad
12:31 AM: Quarantining All Traces: security toolbar
12:31 AM: Quarantining All Traces: spyware quake fakealert
12:31 AM: Quarantining All Traces: spyware quake
12:31 AM: Quarantining All Traces: about cookie
12:31 AM: Quarantining All Traces: adjuggler cookie
12:31 AM: Quarantining All Traces: adknowledge cookie
12:31 AM: Quarantining All Traces: adlegend cookie
12:31 AM: Quarantining All Traces: adrevolver cookie
12:31 AM: Quarantining All Traces: adultfriendfinder cookie
12:31 AM: Quarantining All Traces: alt cookie
12:31 AM: Quarantining All Traces: apmebf cookie
12:31 AM: Quarantining All Traces: ask cookie
12:31 AM: Quarantining All Traces: atwola cookie
12:31 AM: Quarantining All Traces: azjmp cookie
12:31 AM: Quarantining All Traces: banner cookie
12:31 AM: Quarantining All Traces: belnk cookie
12:31 AM: Quarantining All Traces: bizrate cookie
12:31 AM: Quarantining All Traces: bravenet cookie
12:31 AM: Quarantining All Traces: ccbill cookie
12:31 AM: Quarantining All Traces: classmates cookie
12:31 AM: Quarantining All Traces: dealtime cookie
12:31 AM: Quarantining All Traces: did-it cookie
12:31 AM: Quarantining All Traces: domainsponsor cookie
12:31 AM: Quarantining All Traces: gostats cookie
12:31 AM: Quarantining All Traces: hbmediapro cookie
12:31 AM: Quarantining All Traces: kinghost cookie
12:31 AM: Quarantining All Traces: maxserving cookie
12:31 AM: Quarantining All Traces: military cookie
12:31 AM: Quarantining All Traces: myaffiliateprogram.com cookie
12:31 AM: Quarantining All Traces: netster cookie
12:31 AM: Quarantining All Traces: outster cookie
12:31 AM: Quarantining All Traces: realmedia cookie
12:31 AM: Quarantining All Traces: tickle cookie
12:31 AM: Quarantining All Traces: toplist cookie
12:31 AM: Quarantining All Traces: touchclarity cookie
12:31 AM: Quarantining All Traces: tripod cookie
12:31 AM: Quarantining All Traces: xiti cookie
12:31 AM: Quarantining All Traces: xxx69 cookie
12:31 AM: Removal process completed. Elapsed time 00:00:11
********
12:08 AM: | Start of Session, Wednesday, April 05, 2006 |
12:08 AM: Spy Sweeper started
12:09 AM: Your spyware definitions have been updated.
12:11 AM: | End of Session, Wednesday, April 05, 2006 |

Logfile of HijackThis v1.99.1
Scan saved at 12:33:45 AM, on 4/5/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\Copernic Desktop Search\CopernicDesktopSearch.exe
C:\Program Files\ewido\security suite\ewidoguard.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\AdvTools\NPROTECT.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Norton AntiVirus\SAVScan.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Messenger\msmsgs.exe
D:\Save me!\Media\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.wolfpacktactical.com/forum/search.php?do=getdaily
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Advanced Tools Check] C:\PROGRA~1\NORTON~1\AdvTools\ADVCHK.EXE
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [AdwareAlert] C:\Program Files\AdwareAlert\adwarealert.Exe -boot
O4 - HKLM\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe" /startintray
O4 - HKCU\..\Run: [Copernic Desktop Search] "C:\Program Files\Copernic Desktop Search\CopernicDesktopSearch.exe" /tray
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5consumer/V5Controls/en/x86/client/wuweb_site.cab?1113017374296
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido\security suite\ewidoguard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - C:\Program Files\Norton AntiVirus\AdvTools\NPROTECT.EXE
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Webroot Spy Sweeper Engine (svcWRSSSDK) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe


Am I getting this done correctly so far?
thanks for all the help, by the way!

0

Sorry for the late reply, must have missed your reply ;). That's a clean log. Are you still having problems?
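One way to confirm that the entries checked before 'Fix Checked' are gone from the later scan, as an added example that is not part of the thread or of HijackThis itself: it parses entry lines, lists "(file missing)" orphans, and diffs the two scans. The log excerpts are a subset of lines copied from the logs above; the function and variable names are this example's own.

```python
import re

# A HijackThis entry line is "<section code> - <details>", e.g. R0, F2, O4, O23.
ENTRY_RE = re.compile(r"^(R[0-3]|F[0-3]|N[1-4]|O\d{1,2}) - (.+)$")

# Entries the helper asked to check, copied from the 11:30:44 PM log.
CHECKED = r"""
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://windowsupdate.microsoft.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: Shell=
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll (file missing)
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll (file missing)
O15 - Trusted Zone: http://*.windowsupdate.microsoft.com
O15 - Trusted Zone: http://*.windowsupdate.com
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
"""

# The checked entries plus two unchecked ones from the same log (excerpt only).
BEFORE = CHECKED + r"""
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
"""

# Excerpt of the 12:33:45 AM log, taken after the fix and the Spy Sweeper run.
AFTER = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.wolfpacktactical.com/forum/search.php?do=getdaily
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe" /startintray
O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
"""


def parse_entries(log_text):
    """Return (section_code, details) tuples; header and process lines are skipped."""
    entries = []
    for line in log_text.splitlines():
        match = ENTRY_RE.match(line.strip())  # strip() drops pasted trailing spaces
        if match:
            entries.append((match.group(1), match.group(2)))
    return entries


def missing_file_entries(entries):
    """Entries whose target no longer exists on disk (orphaned registry data)."""
    return [e for e in entries if e[1].endswith("(file missing)")]


def diff_logs(before_text, after_text):
    """Return (removed, added) entries between two scans, in log order."""
    before, after = parse_entries(before_text), parse_entries(after_text)
    removed = [e for e in before if e not in after]
    added = [e for e in after if e not in before]
    return removed, added


def still_present(checked_text, after_text):
    """Checked entries that survived the fix and need another look."""
    after = set(parse_entries(after_text))
    return [e for e in parse_entries(checked_text) if e in after]


if __name__ == "__main__":
    removed, added = diff_logs(BEFORE, AFTER)
    print("Orphaned (file missing):", [c for c, _ in missing_file_entries(parse_entries(BEFORE))])
    print("Removed since first scan:", len(removed))
    print("New since first scan (review each):")
    for code, details in added:
        print("  ", code, "-", details)
    print("Checked entries still present:", still_present(CHECKED, AFTER))
```
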

0

Yes, everything seems to be back to normal.
Thank you very much for the much needed help. I really do appreciate it!
Can anyone recommend a nice free virus protection program that I might be able to download?

0

Sure thing. One of the better AVs out there now (free or not) is AVG free. This is what I use personally. Also, be sure to keep the Ewido, and the only important thing that expires after the 'trial session' is the automatic updates. In other words, just be sure to manually update it before ya scan. Also, ya can uninstall SpySweeper now, for it will not remove anything after the 14-day trial.

AVG

Thanks again.
